Add setup-wireguard.sh

2024-02-14 22:26:59 +00:00 · 2024-02-14 22:26:59 +00:00 · 28cfcb180b
parent 43531c2a80
commit 28cfcb180b
1 changed files with 74 additions and 0 deletions
--- a/setup-wireguard.sh
+++ b/setup-wireguard.sh
@ -0,0 +1,74 @@
+#!/bin/bash
+
+SERVER_PRIVATE_KEY_PATH="/etc/wireguard/privatekey"
+SERVER_PUBLIC_KEY_PATH="/etc/wireguard/publickey"
+CLIENT_PRIVATE_KEY_PATH="/etc/wireguard/client_privatekey"
+CLIENT_PUBLIC_KEY_PATH="/etc/wireguard/client_publickey"
+WG_CONFIG="/etc/wireguard/wg0.conf"
+CLIENT_CONFIG="/etc/wireguard/wg-client.conf"
+SERVER_ADDRESS="10.0.0.1/24"
+CLIENT_ADDRESS="10.0.0.2/32"
+SERVER_PORT="51820"
+DNS="1.1.1.1"
+
+mkdir -p /etc/wireguard
+
+if [ ! -f "$SERVER_PRIVATE_KEY_PATH" ]; then
+    wg genkey | tee $SERVER_PRIVATE_KEY_PATH | wg pubkey > $SERVER_PUBLIC_KEY_PATH
+fi
+
+SERVER_PRIVATE_KEY=$(cat $SERVER_PRIVATE_KEY_PATH)
+SERVER_PUBLIC_KEY=$(cat $SERVER_PUBLIC_KEY_PATH)
+
+if [ ! -f "$CLIENT_PRIVATE_KEY_PATH" ]; then
+    wg genkey | tee $CLIENT_PRIVATE_KEY_PATH | wg pubkey > $CLIENT_PUBLIC_KEY_PATH
+fi
+
+CLIENT_PRIVATE_KEY=$(cat $CLIENT_PRIVATE_KEY_PATH)
+CLIENT_PUBLIC_KEY=$(cat $CLIENT_PUBLIC_KEY_PATH)
+
+if [ ! -f "$WG_CONFIG" ]; then
+cat > $WG_CONFIG << EOF
+[Interface]
+PrivateKey = $SERVER_PRIVATE_KEY
+Address = $SERVER_ADDRESS
+ListenPort = $SERVER_PORT
+PostUp = iptables -A FORWARD -i %i -j ACCEPT; iptables -A FORWARD -o %i -j ACCEPT; iptables -t nat -A POSTROUTING -o eth0 -j MASQUERADE
+PostDown = iptables -D FORWARD -i %i -j ACCEPT; iptables -D FORWARD -o %i -j ACCEPT; iptables -t nat -D POSTROUTING -o eth0 -j MASQUERADE
+
+[Peer]
+PublicKey = $CLIENT_PUBLIC_KEY
+AllowedIPs = $CLIENT_ADDRESS
+EOF
+fi
+chmod 600 /etc/wireguard/wg0.conf
+
+# Obtain the external IP address of the server
+EXTERNAL_IP=$(curl -s ifconfig.me)
+
+# Check if we successfully got the IP
+if [ -z "$EXTERNAL_IP" ]; then
+    echo "Failed to obtain external IP address."
+    exit 1
+fi
+EXTERNAL_IP=$(curl -s ifconfig.me)
+CLIENTS=${CLIENTS:-1}  # Default to 1 client if not specified
+
+for ((i = 1; i <= CLIENTS; i++)); do
+    CLIENT_PRIVATE_KEY=$(wg genkey)
+    CLIENT_PUBLIC_KEY=$(echo "$CLIENT_PRIVATE_KEY" | wg pubkey)
+    CLIENT_CONFIG="/etc/wireguard/client$i.conf"
+
+    # Generate client config
+    cat > "$CLIENT_CONFIG" << EOF
+[Interface]
+PrivateKey = $CLIENT_PRIVATE_KEY
+Address = 10.0.0.$((i+1))/32
+DNS = $DNS
+
+[Peer]
+PublicKey = $SERVER_PUBLIC_KEY
+Endpoint = $EXTERNAL_IP:$SERVER_PORT
+AllowedIPs = 0.0.0.0/0
+EOF
+done